Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS206668.roa
File:                     AS206668.roa (raw, json)
Hash identifier:          /ypZ3uJqK+eCxmgz/Pedtk5Y99+pHHYAwQYN2Ol9hvM=
Subject key identifier:   2E:12:26:38:DC:87:19:99:91:76:60:2E:E3:49:3D:4A:CB:D2:54:B6
Certificate issuer:       /CN=9dfbff217105df8877d463f6e9bac28a4084d20c
Certificate serial:       11CA876CB702A62C8B975E18837A08B49E6BEA79
Authority key identifier: 9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS206668.roa
Signing time:             Thu 02 Apr 2026 14:01:33 +0000
ROA not before:           Thu 02 Apr 2026 13:56:33 +0000
ROA not after:            Thu 01 Apr 2027 14:01:33 +0000
asID:                     206668
IP address blocks:        185.231.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 Apr 2026 16:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            11:ca:87:6c:b7:02:a6:2c:8b:97:5e:18:83:7a:08:b4:9e:6b:ea:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9dfbff217105df8877d463f6e9bac28a4084d20c
        Validity
            Not Before: Apr  2 13:56:33 2026 GMT
            Not After : Apr  1 14:01:33 2027 GMT
        Subject: CN=2E122638DC8719999176602EE3493D4ACBD254B6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:e6:fa:37:f2:b3:ae:f7:6b:77:6e:fb:5d:d9:
                    7b:f2:ff:72:92:1c:63:f2:42:a1:e1:5b:35:9d:79:
                    ae:c5:52:48:1f:c3:31:bc:2e:8e:de:38:92:36:ff:
                    02:8d:7d:2a:1e:bd:8d:0b:b9:cf:cc:72:72:ad:6f:
                    ab:01:06:4a:bb:47:ec:a8:fe:f3:e0:aa:2e:2b:20:
                    10:fc:91:68:1b:c4:2f:b7:ed:11:e6:d9:6a:83:f8:
                    da:24:43:21:6a:2d:02:b6:7b:0c:db:ab:76:eb:a6:
                    30:32:b3:9f:6b:d1:42:63:db:d7:c0:c0:1e:81:33:
                    99:7f:6c:1f:3f:b4:2e:c9:56:4e:74:13:76:2b:f9:
                    9d:e5:67:f6:e6:c0:ba:b9:91:7e:e3:1e:df:bd:74:
                    79:b7:79:68:76:8c:a2:04:e3:05:6d:2f:5c:29:42:
                    1b:3f:7f:6b:8c:d7:16:ef:86:8b:32:cd:d5:05:12:
                    c3:f8:63:83:35:3e:36:7d:43:23:5f:0d:cb:5c:03:
                    fe:cf:a2:e7:c4:a0:47:8f:f1:71:69:2b:9d:c4:54:
                    82:f7:b7:91:ad:ff:6c:fc:01:71:64:12:06:2d:68:
                    fa:1d:5b:ae:56:c3:fb:95:39:33:4e:c6:af:9b:8b:
                    de:3f:a6:c4:d9:75:88:43:c6:95:97:2a:d8:a9:07:
                    1c:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:12:26:38:DC:87:19:99:91:76:60:2E:E3:49:3D:4A:CB:D2:54:B6
            X509v3 Authority Key Identifier:
                keyid:9D:FB:FF:21:71:05:DF:88:77:D4:63:F6:E9:BA:C2:8A:40:84:D2:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/9DFBFF217105DF8877D463F6E9BAC28A4084D20C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nfv_IXEF34h31GP26brCikCE0gw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/55b4d9e8-4111-4394-a3a6-bd8251e7fbbd/0/AS206668.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.231.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:71:2d:3c:08:3c:0b:6b:d9:83:46:c5:22:1f:f0:60:c2:2b:
         b6:18:7c:a5:8b:c7:b1:e4:e3:81:d1:cf:27:95:7c:bb:e1:c0:
         a5:b9:25:ea:c1:a8:47:bf:a1:2f:f7:b5:59:29:37:92:d6:4a:
         f4:ba:52:47:99:fb:b2:1c:25:17:35:a1:aa:8e:74:99:aa:60:
         59:79:07:20:54:c8:e1:6a:8d:f6:27:42:f9:17:a8:86:90:65:
         55:96:ba:4d:8b:11:b3:0d:3b:fd:9f:90:8f:c7:97:e0:34:17:
         f1:29:6a:2c:1b:f2:e9:c4:a4:5f:d9:90:c7:3e:ae:98:72:f9:
         35:67:84:b8:ce:68:a6:cc:1c:98:f2:94:a9:08:7d:fa:42:9b:
         82:c5:7e:33:0f:69:6d:49:3a:b1:d9:be:a5:96:72:e8:f2:7e:
         ae:8c:ee:cb:9a:0e:a2:0d:d3:38:c0:4f:0d:bc:d5:d5:93:4d:
         86:ac:87:ad:20:64:4e:63:69:ce:04:a3:12:ac:2c:c7:c5:0a:
         b4:42:7b:f5:ed:d1:41:7f:ff:c3:b1:cd:82:f0:c0:21:4c:fd:
         f9:99:a8:49:22:ba:24:6c:2b:3a:1f:a4:73:85:94:da:8a:80:
         51:e3:36:8b:c2:5c:16:47:a8:01:bd:df:2d:35:78:88:51:b0:
         a9:80:37:0e
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgIUEcqHbLcCpiyLl14Yg3oItJ5r6nkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoOWRmYmZmMjE3MTA1ZGY4ODc3ZDQ2M2Y2ZTliYWMyOGE0
MDg0ZDIwYzAeFw0yNjA0MDIxMzU2MzNaFw0yNzA0MDExNDAxMzNaMDMxMTAvBgNV
BAMTKDJFMTIyNjM4REM4NzE5OTk5MTc2NjAyRUUzNDkzRDRBQ0JEMjU0QjYwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDX5vo38rOu92t3bvtd2Xvy/3KS
HGPyQqHhWzWdea7FUkgfwzG8Lo7eOJI2/wKNfSoevY0Luc/McnKtb6sBBkq7R+yo
/vPgqi4rIBD8kWgbxC+37RHm2WqD+NokQyFqLQK2ewzbq3brpjAys59r0UJj29fA
wB6BM5l/bB8/tC7JVk50E3Yr+Z3lZ/bmwLq5kX7jHt+9dHm3eWh2jKIE4wVtL1wp
Qhs/f2uM1xbvhosyzdUFEsP4Y4M1PjZ9QyNfDctcA/7PoufEoEeP8XFpK53EVIL3
t5Gt/2z8AXFkEgYtaPodW65Ww/uVOTNOxq+bi94/psTZdYhDxpWXKtipBxzxAgMB
AAGjggIKMIICBjAdBgNVHQ4EFgQULhImONyHGZmRdmAu40k9SsvSVLYwHwYDVR0j
BBgwFoAUnfv/IXEF34h31GP26brCikCE0gwwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTViNGQ5ZTgtNDExMS00Mzk0LWEzYTYtYmQ4MjUxZTdm
YmJkLzAvOURGQkZGMjE3MTA1REY4ODc3RDQ2M0Y2RTlCQUMyOEE0MDg0RDIwQy5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL25mdl9JWEVGMzRoMzFHUDI2YnJDaWtD
RTBndy5jZXIwewYIKwYBBQUHAQsEbzBtMGsGCCsGAQUFBzALhl9yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzU1YjRkOWU4LTQxMTEt
NDM5NC1hM2E2LWJkODI1MWU3ZmJiZC8wL0FTMjA2NjY4LnJvYTAYBgNVHSABAf8E
DjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuefh
MA0GCSqGSIb3DQEBCwUAA4IBAQCEcS08CDwLa9mDRsUiH/Bgwiu2GHyli8ex5OOB
0c8nlXy74cCluSXqwahHv6Ev97VZKTeS1kr0ulJHmfuyHCUXNaGqjnSZqmBZeQcg
VMjhao32J0L5F6iGkGVVlrpNixGzDTv9n5CPx5fgNBfxKWosG/LpxKRf2ZDHPq6Y
cvk1Z4S4zmimzByY8pSpCH36QpuCxX4zD2ltSTqx2b6llnLo8n6ujO7Lmg6iDdM4
wE8NvNXVk02GrIetIGROY2nOBKMSrCzHxQq0Qnv17dFBf//Dsc2C8MAhTP35mahJ
IrokbCs6H6RzhZTaioBR4zaLwlwWR6gBvd8tNXiIUbCpgDcO
-----END CERTIFICATE-----